47 posts published this month.
The DRAGONFORCE ransomware claim against Innovision Holdings, reported by RedPacket Security, exemplifies a structural governance failure that extends far...
Thirty-five percent of data breaches originate in third-party networks, yet most organizations treat vendor risk as a procurement or IT operations issue rather...
The ransomware attack on Vivaticket—a critical ticketing infrastructure provider serving the Louvre, major European museums, and cultural...
The August 2025 Marquis Software Solutions ransomware incident is not a story about a single vendor failure.
Customer support systems have become primary targets for financially motivated threat actors, yet they remain systematically underprotected in vendor risk...
Healthcare organizations face a structural governance failure that extends beyond operational security: vendor ecosystems remain inadequately mapped,...
The alleged Adobe breach through a compromised Indian Business Process Outsourcing (BPO) vendor handling customer support operations represents a structural...
Vendor Breach Liability Without Contractual Control: The Terry Reilly Health Services Case and Healthcare's Governance Gap. Why This Matters at...
A major healthcare software vendor serving 45,000+ providers disclosed unauthorized access to its electronic health record environment to the SEC following a...
When a single electronic health record vendor serving 45,000+ healthcare providers experiences a security breach affecting millions of patient records, the...
Vendor Consolidation as Governance Liability: The CareCloud Breach and Distributed Risk Architecture. Why This Matters at Board and Regulatory...
The Mercor security incident—affecting OpenAI and Anthropic through compromised open-source infrastructure—exposes a structural governance failure that extends...
Meta's indefinite pause of work with data contractor Mercor following a breach of proprietary AI training data is not a routine vendor management decision—it...
When a third-party data vendor becomes the vector for exposure of proprietary AI training methodologies, the governance failure extends far beyond the vendor...
Third-Party Risk Governance Fractured: Why 2025 Predictions Failed and 2026 Requires Structural Change. The Governance Crisis Behind Vendor...
Contractual Liability Asymmetry in Vendor Relationships: Why Standard MSP Agreements Amplify Rather Than Mitigate Cyber Risk. Framing the...
The Nissan incident—in which a third-party vendor compromise led to confirmed data exposure via Everest ransomware—represents a structural breakdown in vendor...
Third-Party Contractor Breaches Now Drive One-Third of NYS School Data Incidents: A Governance and Contractual Liability Crisis. Why This...
Vendor Risk Governance Failure at Scale: HackerOne Breach Exposes Contractual and Notification Liability Gaps. Why This Matters...
Third-party compromise has transitioned from a vendor management concern to a board-level governance and regulatory liability issue.
The Nigeria Data Protection Commission's simultaneous investigation into Remita Payment Services Ltd.
We asked the same CISO planning question five ways. The first four improved recommendations. The fifth changed the decisions themselves.
When CareCloud, a cloud-based EHR vendor serving over 40,000 healthcare providers across all 50 states, disclosed a March 2026 hacking incident to the SEC, it...
Vendor Risk Governance Failure: TriZetto's 11-Month Detection Gap Exposes Healthcare Supply Chain Liability. Why This Matters at Board and...
Supply Chain Compromise as Governance Failure: Why Vendor Risk Frameworks Must Evolve Beyond Technical Detection. Framing: The Structural...
Mercor, a $10 billion AI training-data vendor serving Anthropic, OpenAI, and Meta, suffered a supply-chain attack through the LiteLLM open-source...
When Everest ransomware operators publicly announced the exfiltration of 910 GB of Nissan customer and dealership data from a third-party vendor, the automaker...
CareCloud's confirmed unauthorized access to patient electronic health records—affecting 45,000+ healthcare providers and millions of patients—represents more...
When a mid-market industrial vendor becomes a ransomware victim, governance implications extend far beyond that organization's perimeter.
A ransomware attack against a banking technology vendor has exposed sensitive personal and financial information for over 672,000 individuals.
Vendor Breach Liability Without Contractual Control: The Corewell Health Governance Failure. Why This Matters at Board and Regulatory...
The Marquis ransomware incident—affecting over 672,000 individuals through a Texas-based fintech vendor serving hundreds of banks—represents a structural...
The AKIRA ransomware attack on Serap, a multinational milk cooler manufacturer with operations across 80+ countries, represents more than a single victim...
Healthcare organizations have invested billions in perimeter defense, yet third-party vendors account for approximately 80% of stolen protected health...
Third-party risk has evolved from a peripheral compliance concern into a material governance liability that directly shapes breach probability, regulatory...
When CareCloud, a New Jersey-based electronic health record software provider, announced unauthorized access to one of its six EHR environments, the breach did...
Credential Compromise as Governance Failure: Why Supply Chain Poisoning Demands Board-Level Risk Redesign. Framing: The Trust Model Has Become...
The CareCloud breach—affecting 45,000+ healthcare providers and exposing millions of patient records—is not primarily a cybersecurity incident.
Third-Party Credential Compromise as Systemic Governance Failure: What 2025's Largest Breaches Reveal About Vendor Risk Frameworks. Why This...
The TeamPCP threat actor campaign—targeting Trivy, KICS, LiteLLM, and Telnyx—reveals a structural governance failure that extends far beyond technical...
Vendor Risk Invisibility and the Panera Breach: Why Third-Party Compromise Remains Contractually Unexamined. Framing: The Governance Gap...
When a Remote Monitoring and Management (RMM) platform becomes the attack vector for enterprise-scale ransomware, the failure is structural, not merely...
The Crunchyroll incident—in which attackers compromised a single customer support agent's Okta SSO credentials at vendor Telus International to access 8...
When U.S. federal agencies experience vendor data breaches—as alleged in the exposure of ICE and DHS contract and vendor information—the governance failure...
Vendor cybersecurity is routinely treated as a technical problem—a matter of security questionnaires, certifications, and penetration testing.
When a compromised vendor employee's device becomes the entry point to a 6.8-million-user data breach, the governance failure extends far beyond the vendor...
BN3 March 2026 — 56 third-party cyber incidents across financial services, healthcare, government, and critical infrastructure. Includes full index, executive summary, and month-at-a-glance statistics.